Davidfcarr Quick Playground vulnerabilities
3 known vulnerabilities affecting davidfcarr/quick_playground.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-1830P2CRITICALCVSS 9.8PoC≤ 1.3.12026-04-09
CVE-2026-1830 [CRITICAL] CWE-862 CVE-2026-1830: The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files
nvd
CVE-2026-6403P3HIGHCVSS 7.5≤ 1.3.32026-05-15
CVE-2026-6403 [HIGH] CWE-22 CVE-2026-6403: The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and incl
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without sanitizing directory traversal sequences. This makes it po
nvd
CVE-2026-2500P4MEDIUMCVSS 4.4≤ 1.3.42026-06-06
CVE-2026-2500 [MEDIUM] CWE-22 CVE-2026-2500: The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing the user-supplied `filename` POST parameter directly to `file_get_contents()` without any validation, sanitization, or path restriction. This makes it possible for authenticated attac
nvd